Jenny Adair http://www.imprima.com 7m 1,697 #hacking
The views of this article are the perspective of the author and may not be reflective of Confessions of the Professions.
Hacking In The Headlines
Hacking is thought to be the stuff of television, but it is as real, as serious, and alive today as it was many years ago. The business of hacking for those involved can mean payouts in millions of dollars per year, with inside or outside jobs taking place, and hackers embezzling small amounts from ATM machines to large lump sums that are then usually moved quickly overseas, where they remain out of jurisdiction of various governments around the world. Unfortunately, these millions of dollars are not valid payout, and often mean that this money was stolen from banks, corporations, and even people, and is rarely ever retrieved.
Some hackers may not be in it for the money, but rather in it for the skill, the game, or the publicity on the Internet, specifically in online hacking communities. They take on challenges to do certain things, obtain certain information, or actions on websites, which may be as little as shutting down a mini-website to causing billions of dollars in lost revenue and damages, by shutting down the websites of massive online corporations.
Hacking is appealing to professional businesses, amateurs, and government agencies. The skills of hackers are highly in demand, for not only being able to break into security systems, but for spying, retrieving highly confidential data, or changing highly guarded information. While the penalties for hacking are harsh, there are plenty of government agencies willing to forgive those criminal acts if the hacker agrees to work for the agency, as hacking talents and skills are highly in demand, and to let them go to waste in a jail cell is far worse than using those skills, and harnessing them for the good, or the bad.
Hacking skills are so in demand that big companies like Google, Facebook, and other organizations have “hackathons” in order to find the best hackers for the job, often hiring them for additional security work or even as hackers to attempt to find security vulnerabilities in the system. Banks also may hire a security team of hackers to attempt to find security vulnerabilities within the computer bank system, and attempt to breach it.
The Sony cyber-attack may be old news but we can be sure it won’t be long before the next hacking scandal hits the headlines. Just this week, it was reported that the computer hacking gang known as ‘Carbanak’ have been part of the largest cyber-crime ever detected, stealing £650m from more than 100 financial institutions worldwide.
While hackers often get a bad reputation and plenty of them serve probation and serious jail time, without them, companies, banks, and society would think they are safe, when really, these discovered vulnerabilities point out a lack of security in the security systems and firewalls that were hacked.
Hackers are everyday people with special skills for attention to details and advanced knowledge of computer systems and networks. While the crime of hacking, especially when it causes punitive damages to corporations and people is frowned upon, the exploit of the security vulnerability points out the obvious issues that the corporation must deal with when protecting the privacy of its customers and clients.
Hackers are doing the world a great service, because for every security issue that is found, there is a team working to improve the discovered vulnerability so it does not happen again. For example, many services now require a two-step verification process in order to log into a system, which greatly reduces the risk of someone who is not the authorized account holder from being able to gain access to the account.
We’ve created an infographic for iRooms provider, Imprima offering an insight into hacking worldwide.
Article by Matthew Gates and Jenny Adair of MediaWorks
Click to open / Right-click for save options
Text-Friendly Version
Hacking in the Headlines
Black- and grey-hat hackers are a huge threat to businesses and individuals worldwide. These cyber criminals can shut down your website with DDoS (distributed denial of service) attacks, render your computers unusable, and steal data from hard drives and servers.
WHAT IS HACKING?
Black-hat hackers exploit computer systems’ weaknesses in order to gain unauthorized access to data. They may use this information to commit fraud, or sell it to unscrupulous third parties. Some deface websites in protest, or simply to showcase their hacking skills in the online community.
White-hat hackers non-maliciously attack information systems to identify vulnerabilities and advise how cyber security could be improved.
Grey-hat hackers are considered a mix of the two. They often attack websites for political reasons.
HACKING WORLDWIDE
42.8 MILLION cyber-attacks worldwide in 2013 (117,339 per day)
Cybercrime is estimated to cost the global economy over $400 BILLION (~£250 billion) annually
Cybercrime is estimated to cost the UK economy £27 BILLION annually
LARGE UK ORGANIZATIONS
81% of large UK organizations had a cyber-security breach in 2014
55% were attacked by an unauthorized outsider
73% experienced a malicious software infection
38% were hit by DDoS attacks
SMALL UK BUSINESSES
60% of small UK businesses had a cyber-security breach in 2014
33% were attacked by an unauthorized outsider
45% experienced a malicious software infection
16% were hit by a DDoS attack
HIGH-PROFILE HACKERS
ANONYMOUS
Anonymous is an anti-authoritarian ‘hacktivist’ group that protests against organizations via cyber-attacks. They deface sites and leak sensitive information – or threaten to if their demands are not met.
One of the biggest cases was Operation Payback, a series of DDoS attacks on anti-piracy organizations involved in the shutdown of torrent sites. It also targeted banks that withdrew financial services to WikiLeaks. PayPal lost £3.5 million as a result of the attacks.
Members, or Anons, wear stylized Guy Fawkes masks at public protests.
KEVIN MITNICK
Once labelled the FBI’s most-wanted hacker, Kevin Mitnick was a fugitive for three years and served five years in prison. Using the art of human manipulation not technological tools to gain access to data, he describes his activities as social engineering rather than hacking.
JONATHAN JAMES
The first juvenile to be imprisoned for cybercrime in the USA, Jonathan James (aka c0mrade) hacked NASA at the age of 15, downloading software that controlled living conditions on the International Space Station. The agency was forced to shut its computer systems down for 21 days, at a cost of approximately $41,000.
MICHAEL CALCE
Another 15-year old who caused havoc with hacking is Michael Calce, aka Mafiaboy. In 2000, he launched a DDoS attack on Amazon, eBay, CNN, and more, causing $1.2 billion in damages. The teenager was convicted of 56 charges and spent in months in open custody.
ALBERT GONZALES
Albert Gonzales, aka Soupnazi, stole more than 170 million credit and debit card detials by hacking retailers like T.J. Maxx, Barnes & Noble, and 7-Eleven. He would program blank cards with this information and empty ATMs – and victims’ bank accounts. Prosecutors said that Gonzales caused $200 million in damages. He was sentenced to 20 years in federal prison in 2010.
FAMOUS HACKING SCANDALS
Adobe
In October 2013, Adobe announced that customer IDs, encrypted passwords, customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders had been compromised following a cyber-attack.
Adobe originally suggested that 2.9 million users had been affected, but this figure was later revised to 38 million. In November, LastPass said it had discovered a data dump containing 150 million breached records.
Stricture Consulting Group was able to decrypt the leaked data and reveal the top 100 passwords used by Adobe customers.
TOP 5 BREACHED ADOBE PASSWORDS
- 123456
- 123456789
- password
- adobe123
- 12345678
SIBERIAN PIPELINE SABOTAGE
When a KGB insider warned the CIA that the Soviets were planning to steal software, the agency planted a logical bomb – a malicious piece of code specifically designed to sabotage unauthorized users. The stolen program was used to control the Trans-Siberian pipeline, and triggered an explosion in 1982.
This disrupted the Soviet’s plans to import natural gas into Western Europe and damaged the Russian economy, benefiting the Western Bloc’s stance in the Cold War.
EBAY
An eBay database containing users’ names, encrypted passwords, email addresses, physical addresses, phone numbers, and dates of birth was accessed between late February and early March 2014. In May, Ebay asked 145 million customers to reset their passwords.
SONY PLAYSTATION NETWORK
On April 16th/17th 2011, hackers stole Sony Online Entertainment records featuring users’ names, addresses, email addresses, birth dates, genders, phone numbers, login names, and encrypted passwords. Direct debit records containing bank account number, customer name, account name, and address of 10,700 users in Austria, Germany, the Netherlands, and Spain were also compromised. Sony shut down the PlayStation Network and Qriocity on April 20th to begin an investigation and implement new security measures.
On May 1st, Sony announced that service restoration would begin that week. It also announced a Welcome Back programme, which offered complimentary contest and service subscriptions in an attempt to appease 77 million affected customers.
Later in May, the company estimated that the hack cost ¥14 BILLION ($171 MILLION)
But the expenses continued to rack up: the information Commissioner’s Office fined Sony Computer Entertainment Europe £250,000 in January 2013, claiming that the breach “could have been prevented.”
2014 CELEBRITY PHOTO LEAK
In August 2014, private photos of over 100 celebrities – many explicit – were posted to imageboard website 4chan. Two more batches of pictures were leaked in September, and another was released in October.
The photos were obtained from Apple iCloud, an online storage and backup service, but Apple denied its security systems were to blame. The company stated that accounts were “compromised by a very targeted attack on user names, passwords, and security questions.”
However, Apple introduced login notifications and two-step verification to help improve security for iCloud users.
SASSER WORM
When he was just 17 years old, Sven Jaschan created the Sasser worm. This malicious program took advantage of a programming bug in Windows 2000 and XP, infecting and paralyzing computers worldwide from May 2004. The UK Maritime and Costguard Agency, Australian rail network, and Taiwan postal service were among the victims.
Microsoft reward $250,000 to the two tipsters who helped police arrest the worm author. Jaschan was sentenced to 21 months on probation and 30 hours of community service.
CITIGROUP
By May 24th 2011, Citigroup discovered that 360,083 of its North American Citi card accounts had been hacked. The Wall Street Journal reported that approximately $2.7 million was stolen from around 3,400 creidt-card holders. The bank reimbursed affected customers.
Courtesy of www.imprima.com
CC Creative Commons
Infographic courtesy of Imprima
(